How our platform vScope relates to GDPR and our efforts to live up to the requirements of GDPR

May 14th, 2018

MALMÖ, Sweden, May 14, 2018 – The General Data Protection Regulation (GDPR) affects anyone whose business involves handling Personal Data about EU residents or within the EU. Trust is paramount for us and everyone at InfraSight Labs takes personal data very seriously. This article provides an overview of how InfraSight Labs as a company and our platform vScope relates to GDPR and our efforts to live up to the requirements of GDPR.

InfraSight Labs as a data processor

Most of vScope data is not at all related to GDPR. vScope is an on-premise solution meaning that you process the data locally and InfraSight Labs will in most cases never touch any of it. vScope is only visualizing information that already exists in other systems and can furthermore never read, store or process any content, personal or not, in any type of database like client registers, patient registers, spreadsheets or similar.

If you as a Data Controller can establish what data your organization is storing and why you are storing it, you will also be compliant in regards to vScope and GDPR.

There are two instances where InfraSight Labs may be a data processor:

Online Backup of vScope data is offered as a complimentary service included in the vScope license.

To be able to troubleshoot issues and improve vScope, InfraSight Labs will from time to time ask you to send us support data. This data may contain personally identifiable information.

Using these services, means that you have engaged InfraSight Labs as your data processor to carry out this activity on your behalf. Furthermore, for hosting companies or any other company processing data on behalf of clients, this means InfraSight Labs may serve as a sub-processor.

According to Article 28 of the GDPR, the relationship between the controller and the processor needs to be made in writing (electronic form is acceptable under subsection (9) of the same Article). This relationship is outlined in our General Terms and Privacy Policy and these two documents serve as your data processing contract, setting out the instructions that you are giving to InfraSight Labs with regards to processing the personal data you control and establishing the rights and responsibilities of both parties. InfraSight Labs will only process your data based on your instructions as the data controller. The backup service can at any time be turned off, without affecting any vScope functionality.

All customers have a contractual relationship with InfraSight Labs AB, an entity based in Sweden.

Data transfers

The GDPR establishes strict requirements for moving data outside of its scope of protection. InfraSight Labs is never moving any data outside of the EEA and all data is stored in our datacenter in Malmö, Sweden. We also acknowledge that should we ever change this policy and engage sub-processors outside the EEA, it is our job to ensure that we transfer the data lawfully and that we are transparent with you about these transfers.

InfraSight Labs as a data controller

Additionally, InfraSight Labs acts as the data controller for the Personal Data we collect about you as a user of vScope and our website. We process:

Data that is necessary for us to perform our contract with you (GDPR Article 6(1)(b)).

Data to meet our obligations under the law (GDPR Article 6(1)(c)) — this primarily involves financial data and information that we need to meet our accountability obligations under GDPR.

Personal data for our legitimate interests in line with GDPR Article 6(1)(f).

More detailed information about this can be found in our Privacy Policy.

Contact

InfraSight Labs take your privacy very seriously. If you have any questions with regards to the above or need support on your specific case, please reach out to us at dataprotectionofficer@infrasightlabs.com.

About InfraSight Labs

InfraSight Labs is a Swedish software company that develops vScope, a platform for IT inventory. From its base in Malmö, InfraSight Labs has grown from a small startup to a well-known company within the IT industry in Sweden. Today hundreds of organizations use vScope to excel in their IT delivery.

Read more

Using vScope for your GDPR compliance

While vScope doesn’t process much Personal Data, it can still be highly valuable and useful to use in your efforts to become and stay GDPR compliant. Updated IT documentation, security audits, gap analysis and access management are some of the features/use cases that is provided by vScope. Using vScope will help your organization to facilitate the transparency needed to get and stay compliant. vScope provides a great platform for IT to share reports and collaborate with other units of the organization meaning that there are really no technical skills required to access IT information.